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Abstract 
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Layer Security (TLS) protocol to support the ARIA encryption 
algorithm as a block cipher. 
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1. Introduction 


This document specifies cipher suites for the Transport Layer 
Security (TLS) [RFC5246] protocol to support the ARIA [RFC5794] 
encryption algorithm as a block cipher algorithm. The cipher suites 
include variants using the SHA-2 family of cryptographic hash 
functions and ARIA Galois counter mode. Elliptic curve cipher suites 
and pre-shared key (PSK) cipher suites are also defined. 


The cipher suites with SHA-1 are not included in this document. Due 
to recent analytic work on SHA-1 [Wang05], the IETF is gradually 
moving away from SHA-1 and towards stronger hash algorithms. 


1.1. ARIA 


ARIA is a general-purpose block cipher algorithm developed by Korean 
cryptographers in 2003. It is an iterated block cipher with 128-, 
192-, and 256-bit keys and encrypts 128-bit blocks in 12, 14, and 16 
rounds, depending on the key size. It is secure and suitable for 
most software and hardware implementations on 32-bit and 8-bit 
processors. It was established as a Korean standard block cipher 
algorithm in 2004 [ARIAKS] and has been widely used in Korea, 
especially for government-to-public services. It was included in 
PKCS #11 in 2007 [ARIAPKCS]. The algorithm specification and object 
identifiers are described in [RFC5794]. 
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The key words 


"SHOULD", 


Terminology 


"MUST", 
"SHOULD NOT", 
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"MUST NOT", "REQUIRED", 


"RECOMMENDED", "MAY", and 


"SHALL", 
"OPTIONAL" 
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"SHALL NOT", 


document are to be interpreted as described in [RFC2119]. 


Proposed Cipher Suites 


The first twenty cipher suites use ARIA [RFC5794] 
(CBC) 
(HMAC). 
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The next twenty cipher suites use the same asymmetric algorithms as 


HMAC-Based Cipher Suites 


Eight out of twenty use elliptic curves. 
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CipherSuite TLS RSA WITH ARIA 128 GCM_SHA256 = { 0xC0, 0x50 3; 
CipherSuite TLS RSA WITH ARIA 256 GCM SHA384 = ( 0xC0,0x51 3; 
CipherSuite TLS DHE RSA WITH ARIA 128 GCM SHA256 = ( 0xC0, 0x52 3; 
CipherSuite TLS DHE RSA WITH ARIA 256 GCM SHA384 = { 0xC0,0x53 3; 
CipherSuite TLS DH RSA WITH ARIA 128 GCM SHA256 = { 0xC0,0x54 3; 
CipherSuite TLS DH RSA WITH ARIA 256 GCM SHA384 = { 0xC0,0x55 3; 
CipherSuite TLS DHE DSS WITH ARIA 128 GCM SHA256 = ( 0xC0, 0x56 }; 
CipherSuite TLS DHE DSS WITH ARIA 256 GCM SHA384 = ( 0xC0,0x57 3; 
CipherSuite TLS DH DSS WITH ARIA 128 GCM SHA256 = ( 0xC0, 0x58 3; 
CipherSuite TLS DH DSS WITH ARIA 256 GCM SHA384 = ( 0xC0,0x59 3; 
CipherSuite TLS DH anon WITH ARIA 128 GCM SHA256 = { 0xC0,0x5A }; 
CipherSuite TLS DH anon WITH ARIA 256 GCM SHA384 = { 0xC0,0x5B }; 
CipherSuite TLS ECDHE ECDSA WITH ARIA 128 GCM SHA256 = 0xC0, 0x5C 3; 


CipherSuite TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 
CipherSuite TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 = 
CipherSuite TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 = 
CipherSuite TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 = 
CipherSuite TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 = 
CipherSuite TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 = 
CipherSuite TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 = 


0xC0, 0x5D }; 
OxCO,O0x5E 3; 
OxCO,Ox5F 3; 
0xC0, 0x60 3; 
0xC0, 0x61 3; 
0xC0, 0x62 3; 
0xC0, 0x63 }; 


ee e e aa a a a a 


2.3. PSK Cipher Suites 


The next fourteen cipher suites describe PSK cipher suites. Eight 
cipher suites use an HMAC and six cipher suites use the ARIA Galois 
Counter Mode. 


CipherSuite TLS_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC0, 0x64 }; 
CipherSuite TLS_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC0, 0x65 }; 
CipherSuite TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC0, 0x66 }; 
CipherSuite TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC0, 0x67 }; 
CipherSuite TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC0, 0x68 }; 
CipherSuite TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC0, 0x69 }; 
CipherSuite TLS_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC0, 0x6A }; 
CipherSuite TLS PSK WITH ARIA 256 GCM SHA384 = 0xC0, 0x6B }; 


CipherSuite TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 
CipherSuite TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 
CipherSuite TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 = 
CipherSuite TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 = 
CipherSuite TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 = 
CipherSuite TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 = 


0xC0,0x6C }; 
0xC0, Ox6D }; 
0xC0, Ox6E }; 
0xC0, Ox6F }; 
0xC0, 0x70 }; 
0xC0, 0x71 }; 
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3. Cipher Suite Definitions 
3.1. Key Exchange 


The RSA, DHE_RSA, DH_RSA, DHE_DSS, DH_DSS, DH_anon, ECDH, and ECDHE 
key exchanges are performed as defined in [RFC5246]. 


3.2. Cipher 


The ARIA 128 CBC cipher suites use ARIA [RFC5794] in CBC mode with a 
128-bit key and 128-bit Initialization Vector (IV); the ARIA_256_CBC 
cipher suites use a 256-bit key and 128-bit IV. 


AES-authenticated encryption with additional data algorithms, 
AEAD_AES_128_GCM, and AEAD AES 256 GCM are described in [RFC5116]. 
AES GCM cipher suites for TLS are described in [RFC5288]. AES and 
ARIA share common characteristics, including key sizes and block 
length. ARIA_128_GCM and ARIA_256_GCM are defined according to those 
characteristics of AES. 


3.3. PRFs 
The pseudorandom functions (PRFs) SHALL be as follows: 


a. For cipher suites ending with _SHA256, the PRF is the TLS PRF 
[RFC5246] using SHA-256 as the hash function. 


b. For cipher suites ending with _SHA384, the PRF is the TLS PRF 
[RFC5246] using SHA-384 as the hash function. 


3.4. PSK Cipher Suites 


Pre-shared key cipher suites for TLS are described in [RFC4279], 
[RFC4785], [RFC5487], and [RFC5489]. 


4. Security Considerations 


At the time of writing this document, no security problems have been 
found on ARIA (see [YWL]). 


The security considerations in the following RFCs apply to this 


document as well: [RFC4279] [RFC4785] [RFC5116] [RFC5288] [RFC5289] 
[RFC5487] and [GCM]. 
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CipherSuite TLS_PSK_WITH_ARIA_128 CBC_SHA256 = { 0xC0,0x64 }; 
CipherSuite TLS_PSK_WITH_ARIA_256_CBC_SHA384 = ( 0xC0,0x65 }; 
CipherSuite TLS DHE PSK WITH ARIA 128 CBC SHA256 = ( 0xC0,0x66 }; 
CipherSuite TLS DHE PSK WITH ARIA 256 CBC SHA384 = { 0xC0, 0x67 3; 
CipherSuite TLS RSA PSK WITH ARIA 128 CBC SHA256 = ( 0xC0,0x68 }; 
CipherSuite TLS RSA PSK WITH ARIA 256 CBC SHA384 = { 0xC0, 0x69 3; 
CipherSuite TLS PSK WITH ARIA 128 GCM SHA256 = { 0xC0,0x6A }; 
CipherSuite TLS_PSK_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x6B }; 
CipherSuite TLS DHE PSK WITH ARIA 128 GCM SHA256 = ( 0xC0,0x6C }; 
CipherSuite TLS DHE PSK WITH ARIA 256 GCM SHA384 = ( 0xC0,0x6D 3; 
CipherSuite TLS RSA PSK WITH ARIA 128 GCM SHA256 = { 0xC0,0x6E }; 
CipherSuite TLS RSA PSK WITH ARIA 256 GCM SHA384 = ( 0xC0,0x6F 3; 
CipherSuite TLS ECDHE PSK WITH ARIA 128 CBC SHA256 = { 0xC0, 0x70 3; 
CipherSuite TLS ECDHE PSK WITH ARIA 256 CBC SHA384 = ( 0xC0,0x71 }; 
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